Note Internet Explorer 6, when used with Microsoft Windows 98, Microsoft Windows 98 Second Edition, Microsoft Windows Millennium Edition, and Microsoft Windows NT 4.0 does not respond to a negotiate challenge and default to NTLM (or Windows NT Challenge/Response) authentication even if the Enable Integrated Windows Authentication (requires restart) check box is selected because Kerberos authentication is not available on these operating systems.

STATUS

This behavior is by design.

MORE INFORMATION

The Enable Integrated Windows Authentication (requires restart) check box is selected by default in Internet Explorer 6 for Windows XP and Windows Server 2003, so the information in this article only applies to Internet Explorer 6 or later for Windows 2000. Note that the Kerberos authentication protocol is still the default protocol for other forms of network authentication on Windows 2000-based computers with Internet Explorer versions 6 or later.

Neither Internet Explorer versions 5.x or 6 and later support Kerberos authentication with a proxy server, even if Integrated Windows Authentication is enabled. For more information about this issue, click the following article number to view the article in the Microsoft Knowledge Base:

321728 Internet Explorer does not support Kerberos authentication with proxy servers

For more information about Integrated Windows Authentication with Internet Information Services 5.0, click the following article numbers to view the articles in the Microsoft Knowledge Base:

215383 How to configure IIS to support both the Kerberos protocol and the NTLM protocol for network authentication